SB2016082404 - Multiple vulnerabilities in Liferay Portal
Published: August 24, 2016
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 8 secuirty vulnerabilities.
1) Improper access control (CVE-ID: N/A)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error in Search portlet. A remote attacker can use search to access otherwise restricted information.
2) Improper privilege management (CVE-ID: N/A)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error when editing blog entry. The application may reset the blog entry's permission to the default permission. This may allow a user without the necessary permission to view a blog entry.
3) Improper Restriction of XML External Entity Reference (CVE-ID: N/A)
The vulnerability allows a remote attacker to perform XXE attacks.
The vulnerability exists due to PDFBox does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.
4) Information disclosure (CVE-ID: N/A)
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to web application stored LDAP credentials in log file, when log level is set to DEBUG. A local user with ability to view log files can obtain access credentials of web application users.
5) Open redirect (CVE-ID: N/A)
The vulnerability allows a remote attacker to perform phishing attacks.
The vulnerability exists due to insufficient sanitization of untrusted input data when performing redirects to external websites. A remote attacker can create a specially crafted URL and redirect users to malicious websites.
6) Cross-site scripting (CVE-ID: N/A)
The vulnerability allows a remote attacker to perform XSS attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data passed via the <aui:form> tag. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim’s browser in security context of the affected website.
7) Cross-site scripting (CVE-ID: N/A)
The vulnerability allows a remote attacker to perform XSS attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim’s browser in security context of the affected website.
8) Stored cross-site scripting (CVE-ID: N/A)
The vulnerability allows a remote attacker to perform XSS attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in Monitoring. A remote attacker can trick the victim to visit a page with XSS payload and execute arbitrary HTML and script code in victim’s browser in security context of the affected website.
Remediation
Install update from vendor's website.
References
- https://issues.liferay.com/browse/LPS-67681
- https://issues.liferay.com/browse/LPS-67682
- https://issues.liferay.com/browse/LPS-67683
- https://issues.liferay.com/browse/LPS-67684
- https://issues.liferay.com/browse/LPS-67679
- https://issues.liferay.com/browse/LPS-67676
- https://issues.liferay.com/browse/LPS-67677
- https://issues.liferay.com/browse/LPS-67678
- https://issues.liferay.com/browse/LPS-67675